Circular-Secure Encryption from Decision Diffie-Hellman

CRYPTO 2008, pp. 108-125

Cited by: 303 | Views: 38

Abstract

We describe a public-key encryption system that remains secure even when encrypting messages that depend on the secret keys in use. In particular, it remains secure under a "key cycle" usage, where we have a cycle of public/secret key-pairs $(pk_i, sk_i)$ for $i = 1, \ldots, n$, and we encrypt each $sk_i$ under ${\rm pk}_{(i \bmod n)+1}$. Such usage scenarios ...

Introduction
  • Secure encryption is arguably the most basic task in cryptography, and significant work has gone into defining and attaining it.
  • The danger of encrypting messages that the adversary cannot find on its own was already noted more than two decades ago by Goldwasser and Micali [10, §5.1].
  • Supported by NSF and the Packard Foundation.
  • Supported by IBM Faculty Award, Xerox Innovation Group Award, NSF grants 0430254, 0716835, 0716389 and U.C. MICRO grant
Key points
  • Secure encryption is arguably the most basic task in cryptography, and significant work has gone into defining and attaining it.
  • The difficulty in constructing such a system is the simulation of an encryption clique without knowledge of any of the secret keys.
  • A Cramer-Shoup simulator is in possession of all secret keys and can use them to create an encryption clique to give to the adversary.
  • The problem is that the simulator has to embed the Decision Diffie-Hellman challenge into the circular clique, but it is difficult to do so while creating a valid clique.
  • We presented the first encryption system that can be proved to be n-circular secure under chosen-plaintext attack in the standard model.
  • Security is based on the Decision Diffie-Hellman assumption and holds even if the adversary is given affine functions of the secret keys.
Results
  • The authors' main result is a public-key system that is circular-secure in the standard model under the Decision Diffie-Hellman assumption.
  • The authors' system tolerates the adversary seeing encryption cliques without compromising security.
  • The difficulty in constructing such a system is the simulation of an encryption clique without knowledge of any of the secret keys.
  • The authors point out that one may be tempted to use a Cramer-Shoup-like construction and simulation [7] to prove n-circular security.
  • A Cramer-Shoup simulator is in possession of all secret keys and can use them to create an encryption clique to give to the adversary.
  • The problem is that the simulator has to embed the DDH challenge into the circular clique, but it is difficult to do so while creating a valid clique.
Conclusion
  • Proving that the system is circular secure is somewhat involved.
  • The authors give some intuition for the construction and its proof.
  • The authors constructed in Section 5 a simple system that is weakly secure, but breaks completely once a key-cycle is published.
  • An important remaining problem is to obtain circular security against chosen ciphertext attacks.
  • Other interesting problems are to improve the performance of the system, and to construct a semantically secure system that becomes insecure once an n-encryption cycle is published.
References
  • Adao, P., Bana, G., Herzog, J., Scedrov, A.: Soundness of formal encryption in the presence of key-cycles. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 374–396. Springer, Heidelberg (2005)
  • Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)
  • Bellare, M., Rogaway, P.: Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient encryption. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000)
  • Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)
  • Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)
  • Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
  • Cramer, R., Shoup, V.: A practical cryptosystem provably secure under chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)
  • Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM J. of Computing 30(2), 391–437 (2000)
  • Erdos, P., Hall, R.: Probabilistic methods in group theory II. Houston Math Journal 2, 173–180 (1976)
  • Goldwasser, S., Micali, S.: Probabilistic encryption. Jour. of Computer and System Science 28(2), 270–299 (1984)
  • Haitner, I., Holenstein, T.: On the (Im)Possibility of Key Dependent Encryption. Cryptology ePrint Archive (2008), http://eprint.iacr.org/2008/164
  • Halevi, S., Krawczyk, H.: Security under key-dependent inputs. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS) (2007), http://eprint.iacr.org/2007/315
  • Hastad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)
  • Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)
  • Hofheinz, D., Unruh, D.: Towards key-dependent message security in the standard model. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 108–126. Springer, Heidelberg (2008)
  • Katz, J., Yung, M.: Unforgeable encryption and adaptively secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284–299.
  • Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139. Springer, Heidelberg (2001)
  • Laud, P., Corin, R.: Sound computational interpretation of formal encryption with composed keys. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 55–66. Springer, Heidelberg (2004)
  • Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)
  • Shacham, H.: A Cramer-Shoup Encryption Scheme from the Linear Assumption and from Progressively Weaker Linear Variants. Cryptology ePrint Archive (2007), http://eprint.iacr.org/2007/074
  • Shoup, V.: A Computational Introduction to Number Theory and Algebra. Cambridge University Press, Cambridge (2005)